OTL logfile created on: 2012-06-23 03:01:49 - Run 1
OTL by OldTimer - Version 3.2.52.0     Folder = E:\POBIERANIE
 Enterprise Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd
 
2,99 Gb Total Physical Memory | 1,57 Gb Available Physical Memory | 52,43% Memory free
5,18 Gb Paging File | 3,32 Gb Available in Paging File | 64,12% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 58,50 Gb Total Space | 0,97 Gb Free Space | 1,67% Space Free | Partition Type: NTFS
Drive E: | 90,45 Gb Total Space | 1,83 Gb Free Space | 2,02% Space Free | Partition Type: NTFS
 
Computer Name: MAGDA_KOMPUTER | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012-06-23 03:00:46 | 000,596,480 | ---- | M] (OldTimer Tools) -- E:\POBIERANIE\OTL (2).exe
PRC - [2012-06-23 01:25:56 | 000,302,592 | ---- | M] () -- C:\Users\Bednarczyk\Desktop\lbsbln9x.exe
PRC - [2012-06-22 22:05:36 | 006,003,000 | ---- | M] (Doctor Web, Ltd.) -- C:\Program Files\DrWeb\spideragent.exe
PRC - [2012-06-22 22:05:35 | 000,190,264 | ---- | M] (Doctor Web, Ltd.) -- C:\Program Files\DrWeb\spideragent_adm.exe
PRC - [2012-06-22 22:05:28 | 002,117,944 | ---- | M] (Doctor Web, Ltd.) -- C:\Program Files\DrWeb\dwnetfilter.exe
PRC - [2012-06-22 22:05:13 | 001,577,272 | ---- | M] (Doctor Web, Ltd.) -- C:\Program Files\DrWeb\dwservice.exe
PRC - [2012-06-22 22:05:07 | 001,898,920 | ---- | M] (Doctor Web, Ltd.) -- C:\Program Files\Common Files\Doctor Web\Scanning Engine\dwengine.exe
PRC - [2012-04-19 11:52:20 | 000,427,008 | ---- | M] () -- C:\Users\Bednarczyk\AppData\Roaming\cacaoweb\cacaoweb.exe
PRC - [2011-11-11 19:25:36 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
PRC - [2011-11-11 19:18:24 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
PRC - [2011-11-02 00:25:58 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
PRC - [2011-07-16 06:31:12 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011-02-26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010-09-07 17:12:02 | 002,838,912 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010-09-07 17:11:59 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010-07-12 18:32:48 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Winamp\winampa.exe
PRC - [2010-05-21 00:29:12 | 011,312,128 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2010-05-21 00:29:08 | 011,318,784 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2010-05-18 16:13:58 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2010-05-04 13:07:22 | 000,503,080 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Update\NASvc.exe
PRC - [2009-12-22 01:08:39 | 000,814,344 | ---- | M] (ABBYY) -- C:\Program Files\Common Files\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe
PRC - [2009-07-14 03:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009-05-14 18:07:12 | 000,759,048 | ---- | M] (ABBYY) -- C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe
PRC - [2007-09-02 14:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files\RocketDock\RocketDock.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012-06-23 01:25:56 | 000,302,592 | ---- | M] () -- C:\Users\Bednarczyk\Desktop\lbsbln9x.exe
MOD - [2012-06-07 10:14:43 | 000,441,880 | ---- | M] () -- C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll
MOD - [2012-06-07 10:14:42 | 003,922,456 | ---- | M] () -- C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\19.0.1084.56\pdf.dll
MOD - [2012-06-07 10:13:27 | 000,553,496 | ---- | M] () -- C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\19.0.1084.56\libglesv2.dll
MOD - [2012-06-07 10:13:26 | 000,117,784 | ---- | M] () -- C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\19.0.1084.56\libegl.dll
MOD - [2012-06-07 10:13:16 | 000,134,696 | ---- | M] () -- C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\19.0.1084.56\avutil-51.dll
MOD - [2012-06-07 10:13:15 | 000,250,408 | ---- | M] () -- C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\19.0.1084.56\avformat-54.dll
MOD - [2012-06-07 10:13:14 | 002,375,720 | ---- | M] () -- C:\Users\Bednarczyk\AppData\Local\Google\Chrome\Application\19.0.1084.56\avcodec-54.dll
MOD - [2012-04-19 11:52:20 | 000,427,008 | ---- | M] () -- C:\Users\Bednarczyk\AppData\Roaming\cacaoweb\cacaoweb.exe
MOD - [2011-09-27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011-09-27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010-05-04 15:36:28 | 000,970,752 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxml2.dll
MOD - [2007-09-02 14:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files\RocketDock\RocketDock.exe
MOD - [2007-09-02 14:57:36 | 000,069,632 | ---- | M] () -- C:\Program Files\RocketDock\RocketDock.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] -- E:\Michał\strona\xampp\service.exe -- (XAMPP)
SRV - [2012-06-22 22:05:28 | 002,117,944 | ---- | M] (Doctor Web, Ltd.) [Auto | Running] -- C:\Program Files\DrWeb\dwnetfilter.exe -- (DrWebNetFilter)
SRV - [2012-06-22 22:05:13 | 001,577,272 | ---- | M] (Doctor Web, Ltd.) [Auto | Running] -- C:\Program Files\DrWeb\dwservice.exe -- (DrWebAVService)
SRV - [2012-06-22 22:05:07 | 001,898,920 | ---- | M] (Doctor Web, Ltd.) [Auto | Running] -- C:\Program Files\Common Files\Doctor Web\Scanning Engine\dwengine.exe -- (DrWebEngine) Dr.Web Scanning Engine (DrWebEngine)
SRV - [2012-06-20 09:08:29 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010-10-24 00:00:08 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010-09-07 17:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010-09-07 17:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010-09-07 17:11:59 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010-05-18 16:13:58 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2010-05-04 13:07:22 | 000,503,080 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2009-12-22 01:08:39 | 000,814,344 | ---- | M] (ABBYY) [Auto | Running] -- C:\Program Files\Common Files\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Professional.10.0)
SRV - [2009-07-14 03:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009-07-14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009-07-14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009-07-14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009-05-14 18:07:12 | 000,759,048 | ---- | M] (ABBYY) [Auto | Running] -- C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Professional.9.0)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | Disabled | Stopped] -- System32\Drivers\sptd.sys -- (sptd)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\Admin\AppData\Local\Temp\fxddikoc.sys -- (fxddikoc)
DRV - [2012-06-22 22:05:43 | 000,214,360 | ---- | M] (Doctor Web, Ltd.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\dwprot.sys -- (DwProt)
DRV - [2012-06-22 22:05:33 | 000,167,128 | ---- | M] (Doctor Web, Ltd.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\spiderg3.sys -- (SpiderG3)
DRV - [2012-06-22 22:05:30 | 000,057,048 | ---- | M] (Doctor Web, Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\dw_wfp.sys -- (DrWebWfp)
DRV - [2010-09-07 16:52:25 | 000,046,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010-09-07 16:52:03 | 000,165,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010-09-07 16:47:46 | 000,023,376 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010-09-07 16:47:30 | 000,050,768 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2010-09-07 16:47:07 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009-07-14 03:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2009-07-14 03:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2009-07-14 03:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2009-07-14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009-07-14 01:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009-07-14 01:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009-07-14 01:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2009-07-14 00:13:45 | 001,068,032 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
DRV - [2009-03-30 04:09:28 | 000,239,336 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\RsFx0103.sys -- (RsFx0103)
DRV - [2007-07-11 02:30:22 | 000,007,168 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqRemHid.sys -- (HpqRemHid)
DRV - [2006-11-14 17:35:20 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2002-07-17 16:20:32 | 000,084,832 | ---- | M] (Adaptec) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ASPI32.SYS -- (ASPI)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bigseekpro.com/martview/{40ABAD30-2BB3-4DB6-8627-AE76B5414DC2}
IE - HKLM\..\URLSearchHook: {c86eb8a9-ccc2-4b6c-b75d-73576ed591bf} - C:\Program Files\Softonic-Polska\tbSoft.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2405280
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-34174271-3308388829-3214552451-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKU\S-1-5-21-34174271-3308388829-3214552451-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bigseekpro.com/martview/{40ABAD30-2BB3-4DB6-8627-AE76B5414DC2}
IE - HKU\S-1-5-21-34174271-3308388829-3214552451-1001\..\URLSearchHook: {c86eb8a9-ccc2-4b6c-b75d-73576ed591bf} - C:\Program Files\Softonic-Polska\tbSoft.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-34174271-3308388829-3214552451-1001\..\URLSearchHook: {CA3EB689-8F09-4026-AA10-B9534C691CE0} - C:\Program Files\iTalk Sync 1.0.1\mybarnse90E4.tmp\tbhelper.dll ()
IE - HKU\S-1-5-21-34174271-3308388829-3214552451-1001\..\SearchScopes,DefaultScope = {0633EE93-1111-472f-A0FF-E1416B8B2E3B}
IE - HKU\S-1-5-21-34174271-3308388829-3214552451-1001\..\SearchScopes\{0633EE93-1111-472f-A0FF-E1416B8B2E3B}: "URL" = http://www.gooofullsearch.com/google?q={searchTerms}
IE - HKU\S-1-5-21-34174271-3308388829-3214552451-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-34174271-3308388829-3214552451-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GPCK_plPL402
IE - HKU\S-1-5-21-34174271-3308388829-3214552451-1001\..\SearchScopes\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}: "URL" = http://www.bigseekpro.com/search/browser/martview/{40ABAD30-2BB3-4DB6-8627-AE76B5414DC2}?q={searchTerms}
IE - HKU\S-1-5-21-34174271-3308388829-3214552451-1001\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = http://www.daemon-search.com/search/web?q={searchTerms}
IE - HKU\S-1-5-21-34174271-3308388829-3214552451-1001\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2405280
IE - HKU\S-1-5-21-34174271-3308388829-3214552451-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-34174271-3308388829-3214552451-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
IE - HKU\S-1-5-21-34174271-3308388829-3214552451-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKU\S-1-5-21-34174271-3308388829-3214552451-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://domredi.com/1/
IE - HKU\S-1-5-21-34174271-3308388829-3214552451-1003\..\URLSearchHook: {c86eb8a9-ccc2-4b6c-b75d-73576ed591bf} - C:\Program Files\Softonic-Polska\tbSoft.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-34174271-3308388829-3214552451-1003\..\URLSearchHook: {CA3EB689-8F09-4026-AA10-B9534C691CE0} - C:\Program Files\iTalk Sync 1.0.1\mybarnse90E4.tmp\tbhelper.dll ()
IE - HKU\S-1-5-21-34174271-3308388829-3214552451-1003\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKU\S-1-5-21-34174271-3308388829-3214552451-1003\..\SearchScopes\{0633EE93-1111-472f-A0FF-E1416B8B2E3B}: "URL" = http://www.gooofullsearch.com/google?q={searchTerms}
IE - HKU\S-1-5-21-34174271-3308388829-3214552451-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-34174271-3308388829-3214552451-1003\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rlz=1I7GPCK_plPL402&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-34174271-3308388829-3214552451-1003\..\SearchScopes\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}: "URL" = http://www.bigseekpro.com/search/browser/martview/{40ABAD30-2BB3-4DB6-8627-AE76B5414DC2}?q={searchTerms}
IE - HKU\S-1-5-21-34174271-3308388829-3214552451-1003\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = http://www.daemon-search.com/search/web?q={searchTerms}
IE - HKU\S-1-5-21-34174271-3308388829-3214552451-1003\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2405280
IE - HKU\S-1-5-21-34174271-3308388829-3214552451-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-34174271-3308388829-3214552451-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: E:\PROGRAMY\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011-10-11 22:08:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012-06-08 15:53:02 | 000,000,000 | ---D | M]
 
[2011-12-08 20:50:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011-03-23 20:53:36 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011-08-12 11:22:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011-12-08 20:50:19 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2011-07-08 09:50:30 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010-08-24 11:31:30 | 000,773,120 | ---- | M] (BitComet) -- C:\Program Files\mozilla firefox\plugins\npBitCometAgent.dll
[2011-10-03 06:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010-01-01 10:00:00 | 000,002,767 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml
[2010-01-01 10:00:00 | 000,001,406 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml
[2010-01-01 10:00:00 | 000,000,917 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml
[2010-01-01 10:00:00 | 000,000,858 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml
[2010-01-01 10:00:00 | 000,001,183 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml
[2010-01-01 10:00:00 | 000,001,683 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wp-pl.xml
 
========== Chrome ==========
 
CHR - default_search_provider: Google ()
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
 
O1 HOSTS File: ([2011-07-30 15:42:47 | 000,001,198 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com 
O1 - Hosts: ::1             localhost
O2 - BHO: (FGCatchUrl) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll File not found
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.4.8.11.dll File not found
O2 - BHO: (Softonic-Polska Toolbar) - {c86eb8a9-ccc2-4b6c-b75d-73576ed591bf} - C:\Program Files\Softonic-Polska\tbSoft.dll (Conduit Ltd.)
O2 - BHO: (FlashGet GetFlash Class) - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll File not found
O2 - BHO: (TBSB07458 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\iTalk Sync 1.0.1\mybarnse90E4.tmp\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (MartView DB Toolbar) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files\MartView DB Toolbar\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (Softonic-Polska Toolbar) - {c86eb8a9-ccc2-4b6c-b75d-73576ed591bf} - C:\Program Files\Softonic-Polska\tbSoft.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Free software Gooofull toolbar) - {C86FF9FA-AEED-451B-A9CC-39A53173AE2E} - C:\Program Files\iTalk Sync 1.0.1\mybarnse90E4.tmp\tbcore3.dll ()
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Softonic-Polska Toolbar) - {C86EB8A9-CCC2-4B6C-B75D-73576ED591BF} - C:\Program Files\Softonic-Polska\tbSoft.dll (Conduit Ltd.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Softonic-Polska Toolbar) - {C86EB8A9-CCC2-4B6C-B75D-73576ED591BF} - C:\Program Files\Softonic-Polska\tbSoft.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-34174271-3308388829-3214552451-1001\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3 - HKU\S-1-5-21-34174271-3308388829-3214552451-1001\..\Toolbar\WebBrowser: (MartView DB Toolbar) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files\MartView DB Toolbar\tbcore3.dll ()
O3 - HKU\S-1-5-21-34174271-3308388829-3214552451-1001\..\Toolbar\WebBrowser: (Softonic-Polska Toolbar) - {C86EB8A9-CCC2-4B6C-B75D-73576ED591BF} - C:\Program Files\Softonic-Polska\tbSoft.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-34174271-3308388829-3214552451-1003\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3 - HKU\S-1-5-21-34174271-3308388829-3214552451-1003\..\Toolbar\WebBrowser: (MartView DB Toolbar) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files\MartView DB Toolbar\tbcore3.dll ()
O3 - HKU\S-1-5-21-34174271-3308388829-3214552451-1003\..\Toolbar\WebBrowser: (Softonic-Polska Toolbar) - {C86EB8A9-CCC2-4B6C-B75D-73576ED591BF} - C:\Program Files\Softonic-Polska\tbSoft.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-34174271-3308388829-3214552451-1003\..\Toolbar\WebBrowser: (Free software Gooofull toolbar) - {C86FF9FA-AEED-451B-A9CC-39A53173AE2E} - C:\Program Files\iTalk Sync 1.0.1\mybarnse90E4.tmp\tbcore3.dll ()
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Bonus.SSR.FR10] E:\fineredaer\Bonus.ScreenshotReader.exe (ABBYY.)
O4 - HKLM..\Run: [SpIDerAgent] C:\Program Files\DrWeb\spideragent.exe (Doctor Web, Ltd.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKU\S-1-5-21-34174271-3308388829-3214552451-1001..\Run: [3xAV] C:\Program Files\Enounce\MySpeed\MySpeed.exe File not found
O4 - HKU\S-1-5-21-34174271-3308388829-3214552451-1001..\Run: [AdobeBridge]  File not found
O4 - HKU\S-1-5-21-34174271-3308388829-3214552451-1001..\Run: [ALLUpdate] C:\Program Files\ALLPlayer\ALLUpdate.exe ()
O4 - HKU\S-1-5-21-34174271-3308388829-3214552451-1001..\Run: [HEXelon MAX] C:\Program Files\HEXelon MAX 6\hexelon.exe (Jerzy Znamirowski)
O4 - HKU\S-1-5-21-34174271-3308388829-3214552451-1001..\Run: [IPLA!] C:\Program Files\ipla\ipla.exe /autorun File not found
O4 - HKU\S-1-5-21-34174271-3308388829-3214552451-1001..\Run: [KeyTurion] "C:\Program Files\Datpol\KeyTurion.exe" File not found
O4 - HKU\S-1-5-21-34174271-3308388829-3214552451-1001..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden File not found
O4 - HKU\S-1-5-21-34174271-3308388829-3214552451-1003..\Run: [AdobeBridge]  File not found
O4 - HKU\S-1-5-21-34174271-3308388829-3214552451-1003..\Run: [ALLUpdate] C:\Program Files\ALLPlayer\ALLUpdate.exe ()
O4 - HKU\S-1-5-21-34174271-3308388829-3214552451-1003..\Run: [ApplePhotoStreams] C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
O4 - HKU\S-1-5-21-34174271-3308388829-3214552451-1003..\Run: [AQQ] C:\Users\BEDNAR~1\Desktop\AQQ.exe File not found
O4 - HKU\S-1-5-21-34174271-3308388829-3214552451-1003..\Run: [cacaoweb] C:\Users\Bednarczyk\AppData\Roaming\cacaoweb\cacaoweb.exe ()
O4 - HKU\S-1-5-21-34174271-3308388829-3214552451-1003..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun File not found
O4 - HKU\S-1-5-21-34174271-3308388829-3214552451-1003..\Run: [Desktop Notes] E:\POBIERANIE\aplikacje produktynwosc\DesktopNotes.exe File not found
O4 - HKU\S-1-5-21-34174271-3308388829-3214552451-1003..\Run: [Facebook Update] C:\Users\Bednarczyk\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\S-1-5-21-34174271-3308388829-3214552451-1003..\Run: [iCloudServices] C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O4 - HKU\S-1-5-21-34174271-3308388829-3214552451-1003..\Run: [IPLA!] C:\Program Files\ipla\ipla.exe /autorun File not found
O4 - HKU\S-1-5-21-34174271-3308388829-3214552451-1003..\Run: [itmtqbp] C:\Users\Bednarczyk\AppData\Local\hixlyk.exe File not found
O4 - HKU\S-1-5-21-34174271-3308388829-3214552451-1003..\Run: [KeyTurion] "C:\Program Files\Datpol\KeyTurion.exe" File not found
O4 - HKU\S-1-5-21-34174271-3308388829-3214552451-1003..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden File not found
O4 - HKU\S-1-5-21-34174271-3308388829-3214552451-1003..\Run: [PCinMyHand Server] E:\BUZAN\PC in My Hand\pcinmyhand.exe File not found
O4 - HKU\S-1-5-21-34174271-3308388829-3214552451-1003..\Run: [RocketDock] C:\Program Files\RocketDock\RocketDock.exe ()
O4 - HKU\S-1-5-21-34174271-3308388829-3214552451-1003..\Run: [Steam] C:\Program Files\Steam\steam.exe (Valve Corporation)
O4 - HKU\S-1-5-21-34174271-3308388829-3214552451-1003..\Run: [SugarSync] C:\Program Files\SugarSync\SugarSyncManager.exe (SugarSync, Inc.)
O4 - HKLM..\RunOnce: [*Restore] C:\Windows\System32\rstrui.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [NoIE4StubProcessing] C:\Windows\system32\reg.exe DELETE "HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" /v "NoIE4StubProcessing" /f File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\click.to.lnk = C:\Program Files\Axonic\click.to\clicktoapp.exe (Axonic)
O4 - Startup: C:\Users\Bednarczyk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk =  File not found
O4 - Startup: C:\Users\Bednarczyk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: &Ściągnij przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_link.htm File not found
O8 - Extra context menu item: &Ściągnij wszystko przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_all.htm File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm File not found
O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm File not found
O9 - Extra Button: Free software Gooofull toolbar - {C86FF9FA-AEED-451B-A9CC-39A53173AE2E} - C:\Program Files\iTalk Sync 1.0.1\mybarnse90E4.tmp\tbcore3.dll ()
O9 - Extra 'Tools' menuitem : Free software Gooofull toolbar - {C86FF9FA-AEED-451B-A9CC-39A53173AE2E} - C:\Program Files\iTalk Sync 1.0.1\mybarnse90E4.tmp\tbcore3.dll ()
O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.4.8.11.dll/206 File not found
O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe File not found
O9 - Extra 'Tools' menuitem : FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{01C2F624-2D5B-497A-B58A-2C1DD48AB1F0}: DhcpNameServer = 192.168.1.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BD5EFBA7-0EAB-48D2-851B-00288098E880}: DhcpNameServer = 192.168.1.100
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Axonic\click.to\skype4com.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKU\S-1-5-21-34174271-3308388829-3214552451-1003 Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009-06-10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{b4e390d6-a605-11e0-acb7-001e68541827}\Shell - "" = AutoRun
O33 - MountPoints2\{b4e390d6-a605-11e0-acb7-001e68541827}\Shell\AutoRun\command - "" = F:\autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
 
[2012-06-23 01:24:21 | 000,000,000 | -HSD | C] -- C:\DrWeb Quarantine
[2012-06-22 22:26:27 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012-06-22 22:06:29 | 000,000,000 | ---D | C] -- C:\Users\Admin\Doctor Web
[2012-06-22 22:06:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dr.Web
[2012-06-22 22:05:43 | 000,214,360 | ---- | C] (Doctor Web, Ltd.) -- C:\Windows\System32\drivers\dwprot.sys
[2012-06-22 22:05:33 | 000,167,128 | ---- | C] (Doctor Web, Ltd.) -- C:\Windows\System32\drivers\spiderg3.sys
[2012-06-22 22:05:30 | 000,057,048 | ---- | C] (Doctor Web, Ltd.) -- C:\Windows\System32\drivers\dw_wfp.sys
[2012-06-22 22:04:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Doctor Web
[2012-06-22 22:04:34 | 000,000,000 | ---D | C] -- C:\Program Files\DrWeb
[2012-06-22 22:04:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Doctor Web
[2012-06-22 15:08:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\click.to
[2012-06-22 15:08:22 | 000,000,000 | ---D | C] -- C:\Program Files\Axonic
[2012-06-19 14:08:43 | 002,422,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2012-06-19 14:08:43 | 000,045,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2012-06-19 14:08:01 | 000,577,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2012-06-19 14:08:01 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2012-06-19 14:08:01 | 000,035,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2012-06-19 14:07:31 | 000,171,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2012-06-19 14:07:31 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2012-06-15 01:00:23 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012-06-15 01:00:21 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012-06-15 01:00:21 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012-06-15 01:00:21 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012-06-15 01:00:20 | 001,800,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012-06-15 01:00:19 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012-06-15 01:00:18 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012-06-14 09:44:49 | 000,129,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcorekmts.dll
[2012-06-14 09:44:49 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpwsx.dll
[2012-06-14 09:44:49 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdrmemptylst.exe
[2012-06-14 09:44:46 | 002,342,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012-06-05 00:58:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wunderlist
[2012-06-05 00:57:54 | 000,000,000 | ---D | C] -- C:\Program Files\Wunderlist
[2012-05-28 00:26:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SkaWit
[2012-05-28 00:26:43 | 000,000,000 | ---D | C] -- C:\Program Files\SkaWit
 
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
 
[2012-06-23 03:20:02 | 000,000,948 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-34174271-3308388829-3214552451-1003UA.job
[2012-06-23 03:14:04 | 000,001,034 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012-06-23 02:50:28 | 000,015,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012-06-23 02:50:28 | 000,015,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012-06-23 02:42:03 | 000,001,030 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012-06-23 02:41:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012-06-23 02:40:56 | 2408,390,656 | -HS- | M] () -- C:\hiberfil.sys
[2012-06-23 02:35:01 | 000,001,078 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-34174271-3308388829-3214552451-1003UA.job
[2012-06-23 02:23:05 | 000,000,930 | ---- | M] () -- C:\Users\Public\Desktop\calibre - E-book management.lnk
[2012-06-23 02:12:34 | 000,000,290 | ---- | M] () -- C:\Windows\tasks\Dr.Web Daily scan.job
[2012-06-22 23:08:11 | 000,803,406 | ---- | M] () -- C:\Windows\System32\perfh015.dat
[2012-06-22 23:08:11 | 000,717,574 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012-06-22 23:08:11 | 000,179,152 | ---- | M] () -- C:\Windows\System32\perfc015.dat
[2012-06-22 23:08:11 | 000,145,596 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012-06-22 22:06:22 | 000,000,919 | ---- | M] () -- C:\Users\Public\Desktop\Skaner Dr.Web.lnk
[2012-06-22 22:05:43 | 000,214,360 | ---- | M] (Doctor Web, Ltd.) -- C:\Windows\System32\drivers\dwprot.sys
[2012-06-22 22:05:33 | 000,167,128 | ---- | M] (Doctor Web, Ltd.) -- C:\Windows\System32\drivers\spiderg3.sys
[2012-06-22 22:05:30 | 000,057,048 | ---- | M] (Doctor Web, Ltd.) -- C:\Windows\System32\drivers\dw_wfp.sys
[2012-06-22 21:20:00 | 000,000,926 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-34174271-3308388829-3214552451-1003Core.job
[2012-06-22 15:08:25 | 000,001,126 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\click.to.lnk
[2012-06-21 10:50:00 | 000,000,972 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2012-06-20 08:35:00 | 000,001,026 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-34174271-3308388829-3214552451-1003Core.job
[2012-06-15 07:13:45 | 003,642,208 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012-06-03 00:19:33 | 000,045,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2012-06-03 00:19:32 | 000,035,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2012-06-03 00:19:23 | 000,577,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2012-06-03 00:12:32 | 002,422,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2012-06-03 00:12:13 | 000,088,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2012-06-02 15:19:42 | 000,171,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2012-06-02 15:12:20 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2012-05-28 02:37:48 | 000,000,226 | ---- | M] () -- C:\Windows\AWS.ini
 
[color=#E56717]========== Files Created - No Company Name ==========[/color]
 
[2012-06-23 02:23:05 | 000,000,930 | ---- | C] () -- C:\Users\Public\Desktop\calibre - E-book management.lnk
[2012-06-22 22:06:23 | 000,000,290 | ---- | C] () -- C:\Windows\tasks\Dr.Web Daily scan.job
[2012-06-22 22:06:22 | 000,000,919 | ---- | C] () -- C:\Users\Public\Desktop\Skaner Dr.Web.lnk
[2012-06-22 15:08:25 | 000,001,126 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\click.to.lnk
[2012-06-08 15:52:09 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
[2012-05-28 02:37:48 | 000,000,226 | ---- | C] () -- C:\Windows\AWS.ini
[2012-05-20 01:19:15 | 000,272,629 | ---- | C] () -- C:\Windows\System32\drivers\RTAIODAT.DAT
[2011-12-12 00:39:52 | 000,000,080 | ---- | C] () -- C:\Windows\winDecrypt.INI
[2010-11-15 22:59:55 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010-10-30 12:21:27 | 000,258,048 | ---- | C] () -- C:\Windows\System32\libFLAC.dll
[2010-10-24 15:40:32 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2010-10-23 17:52:05 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
 
[color=#E56717]========== LOP Check ==========[/color]
 
[2011-11-03 00:29:39 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\1-abc
[2011-07-31 16:19:14 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Artisteer
[2010-11-11 15:45:50 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\DAEMON Tools Lite
[2011-02-13 13:43:01 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\FlashGet
[2010-10-23 19:57:30 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Gadu-Gadu
[2011-07-07 13:24:32 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\GHISLER
[2011-01-12 14:18:04 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\HEXelon
[2011-12-20 22:06:15 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\ipla
[2010-11-11 15:10:47 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Sports Interactive
[2011-01-15 12:36:10 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\SuperMemo World
[2011-11-03 01:22:44 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\uTorrent
[2011-08-06 23:01:56 | 000,000,000 | ---D | M] -- C:\Users\Bednarczyk\AppData\Roaming\Artisteer
[2012-05-20 01:31:06 | 000,000,000 | ---D | M] -- C:\Users\Bednarczyk\AppData\Roaming\Audacity
[2011-03-23 20:45:25 | 000,000,000 | ---D | M] -- C:\Users\Bednarczyk\AppData\Roaming\BitComet
[2012-06-23 02:54:15 | 000,000,000 | ---D | M] -- C:\Users\Bednarczyk\AppData\Roaming\cacaoweb
[2012-06-23 03:13:28 | 000,000,000 | ---D | M] -- C:\Users\Bednarczyk\AppData\Roaming\calibre
[2011-06-22 07:57:13 | 000,000,000 | ---D | M] -- C:\Users\Bednarczyk\AppData\Roaming\Codeton
[2010-11-11 15:54:40 | 000,000,000 | ---D | M] -- C:\Users\Bednarczyk\AppData\Roaming\DAEMON Tools Lite
[2012-06-23 02:44:25 | 000,000,000 | ---D | M] -- C:\Users\Bednarczyk\AppData\Roaming\Dropbox
[2011-07-26 17:30:50 | 000,000,000 | ---D | M] -- C:\Users\Bednarczyk\AppData\Roaming\foobar2000
[2010-10-23 21:04:25 | 000,000,000 | ---D | M] -- C:\Users\Bednarczyk\AppData\Roaming\Gadu-Gadu
[2011-08-08 18:56:14 | 000,000,000 | ---D | M] -- C:\Users\Bednarczyk\AppData\Roaming\GHISLER
[2011-09-10 11:14:08 | 000,000,000 | ---D | M] -- C:\Users\Bednarczyk\AppData\Roaming\Gmail Notifier
[2011-06-23 21:08:41 | 000,000,000 | ---D | M] -- C:\Users\Bednarczyk\AppData\Roaming\go
[2012-06-15 07:25:08 | 000,000,000 | ---D | M] -- C:\Users\Bednarczyk\AppData\Roaming\gtk-2.0
[2012-05-20 11:18:06 | 000,000,000 | ---D | M] -- C:\Users\Bednarczyk\AppData\Roaming\HEXelon
[2011-01-23 14:15:53 | 000,000,000 | ---D | M] -- C:\Users\Bednarczyk\AppData\Roaming\NeatImage SL
[2010-10-23 21:39:02 | 000,000,000 | ---D | M] -- C:\Users\Bednarczyk\AppData\Roaming\OpenOffice.org
[2011-12-12 00:47:41 | 000,000,000 | ---D | M] -- C:\Users\Bednarczyk\AppData\Roaming\Passware
[2012-04-12 21:18:38 | 000,000,000 | ---D | M] -- C:\Users\Bednarczyk\AppData\Roaming\PlayerPlug
[2012-04-12 21:18:38 | 000,000,000 | ---D | M] -- C:\Users\Bednarczyk\AppData\Roaming\PropMgrAsync
[2012-05-25 00:37:57 | 000,000,000 | ---D | M] -- C:\Users\Bednarczyk\AppData\Roaming\redsn0w
[2011-11-03 00:10:15 | 000,000,000 | ---D | M] -- C:\Users\Bednarczyk\AppData\Roaming\Sports Interactive
[2011-07-15 21:10:34 | 000,000,000 | ---D | M] -- C:\Users\Bednarczyk\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2010-10-29 17:15:31 | 000,000,000 | ---D | M] -- C:\Users\Bednarczyk\AppData\Roaming\SuperMemo World
[2012-05-20 18:17:05 | 000,000,000 | ---D | M] -- C:\Users\Bednarczyk\AppData\Roaming\TeamViewer
[2012-06-05 01:51:21 | 000,000,000 | ---D | M] -- C:\Users\Bednarczyk\AppData\Roaming\Titanium
[2012-05-22 13:10:38 | 000,000,000 | ---D | M] -- C:\Users\Bednarczyk\AppData\Roaming\uTorrent
[2012-06-23 02:12:34 | 000,000,290 | ---- | M] () -- C:\Windows\Tasks\Dr.Web Daily scan.job
[2012-06-22 21:20:00 | 000,000,926 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-34174271-3308388829-3214552451-1003Core.job
[2012-06-23 03:20:02 | 000,000,948 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-34174271-3308388829-3214552451-1003UA.job
[2012-04-04 20:32:35 | 000,032,608 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
[color=#E56717]========== Purity Check ==========[/color]
 
 
 
[color=#E56717]========== Alternate Data Streams ==========[/color]
 
@Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:5D68E797
@Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:1C209B86

< End of report >
